Google: Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely

High-Severity Chrome Gemini AI Flaw Exposed Users to Surveillance and Data Theft

Palo Alto Networks’ Unit 42 discovered a critical security vulnerability (CVE-2026-0628) in Google Chrome’s integrated Gemini AI assistant that allowed attackers to silently access a victim’s camera, microphone and local files and to launch phishing attacks, all without any user interaction beyond opening the AI panel. The flaw was responsibly disclosed to Google on October 23, 2025, and patched on January 5, 2026.

The issue stemmed from Chrome’s handling of the declarativeNetRequest API, which lets extensions modify web requests. JavaScript that an extension injected into an ordinary tab ran with that tab’s ordinary privileges, but the same code executed inside the Gemini panel inherited the panel’s full browser-level permissions. A malicious extension with only basic permissions could exploit this inconsistency to hijack the AI panel and gain unrestricted access to its sensitive functions.
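The recommendations later on this page include auditing installed extensions. The following script is an added example (not code from the article, Unit 42 or Google) that walks a Chrome profile’s extension directory and flags manifests requesting the declarativeNetRequest family of permissions, which is the request-rewriting capability the paragraph above describes. The permission strings and the `<extension_id>/<version>/manifest.json` layout are real Chrome conventions; the severity tiers and the sample manifests are constructed for this example.

```python
"""Audit installed Chrome extensions for request-rewriting permissions.

Added example, not code from the article or from Unit 42. It flags
extensions whose manifest requests declarativeNetRequest permissions,
especially in combination with broad host access.
"""
import json
from pathlib import Path

# Real Chrome extension permission strings that grant request rewriting.
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

# Host patterns that cover every origin rather than one specific site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Return a finding dict for one parsed manifest.

    Severity is a triage heuristic chosen for this example (assumption):
    'high'   = DNR permission plus broad host access
    'medium' = DNR permission or a static ruleset, but scoped hosts
    'low'    = nothing of interest
    """
    perms = set(manifest.get("permissions", []))
    # MV3 lists host patterns under host_permissions; MV2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"
    }
    dnr = sorted(perms & DNR_PERMISSIONS)
    has_rules = "declarative_net_request" in manifest  # static rulesets key
    broad = bool(hosts & BROAD_HOSTS)

    if dnr and broad:
        severity = "high"
    elif dnr or has_rules:
        severity = "medium"
    else:
        severity = "low"
    return {
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "dnr_permissions": dnr,
        "static_rulesets": has_rules,
        "broad_host_access": broad,
        "severity": severity,
    }


def audit_extension_dir(root: Path) -> list:
    """Audit every manifest under <root>/<extension_id>/<version>/manifest.json."""
    findings = []
    for manifest_path in sorted(root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable manifest: skip it rather than abort the audit
        finding = audit_manifest(manifest)
        finding["extension_id"] = manifest_path.parent.parent.name
        findings.append(finding)
    return findings


# Constructed sample manifests (not real extensions) so the script runs stand-alone.
SAMPLE_MANIFESTS = {
    "aaaa": {"name": "Benign Notes", "version": "1.0", "manifest_version": 3,
             "permissions": ["storage"]},
    "bbbb": {"name": "Site Tweaks", "version": "2.1", "manifest_version": 3,
             "permissions": ["declarativeNetRequest"],
             "host_permissions": ["https://example.test/*"]},
    "cccc": {"name": "Request Rewriter", "version": "0.9", "manifest_version": 3,
             "permissions": ["declarativeNetRequestWithHostAccess", "scripting"],
             "host_permissions": ["<all_urls>"],
             "declarative_net_request": {"rule_resources": []}},
}


def demo(tmp_root: Path) -> list:
    """Write the samples to tmp_root in Chrome's layout, then audit them."""
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        ext_dir = tmp_root / ext_id / (manifest["version"] + "_0")
        ext_dir.mkdir(parents=True, exist_ok=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return audit_extension_dir(tmp_root)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for f in demo(Path(tmp)):
            if f["severity"] != "low":
                print(f"[{f['severity']}] {f['name']} ({f['extension_id']}) "
                      f"DNR={f['dnr_permissions']} broad_hosts={f['broad_host_access']}")
```

To run it against a real profile, point `audit_extension_dir` at the profile’s Extensions folder (on Linux this is normally `~/.config/google-chrome/Default/Extensions`; adjust for your OS and profile name). A "high" finding is not proof of malice, since legitimate ad blockers request the same permissions; it is a prompt to verify the publisher and review the extension’s rulesets before allowing it alongside a privileged AI panel.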

Once compromised, the Gemini panel enabled attackers to:

  • Activate cameras and microphones for covert surveillance.
  • Capture screenshots of sensitive on-screen data.
  • Access local files and directories, risking data exfiltration.
  • Launch phishing attacks from within the trusted browser component, increasing deception success rates.

The flaw highlighted the risk posed by AI-integrated browsers, which need broad permissions to function but thereby expand the attack surface. Extension-based attacks still require the victim to install the extension, but the privileged position of AI panels such as Gemini in Chrome, Microsoft Copilot in Edge and similar standalone tools amplifies the damage a single malicious extension can do. Malicious extensions, often distributed through browser stores or by hijacking legitimate tools, could exploit a flaw like this for corporate espionage or large-scale data theft.

Google’s patch, released on January 5, 2026, mitigates the risk for updated Chrome installations. The incident underscores the security challenges of embedded AI assistants in enterprise and consumer environments.

Source: https://cybersecuritynews.com/chrome-gemini-vulnerability/

Google cybersecurity rating report: https://www.rankiteo.com/company/google

"id": "GOO1772476003",
"linkid": "google",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Consumer Software',
                        'location': 'Global',
                        'name': 'Google Chrome Users',
                        'size': 'Millions of users',
                        'type': 'Software Users'}],
 'attack_vector': 'Malicious Browser Extension',
 'data_breach': {'data_exfiltration': 'Possible',
                 'personally_identifiable_information': 'Possible',
                 'sensitivity_of_data': 'High (potential PII, corporate data)',
                 'type_of_data_compromised': ['Local files',
                                              'Screenshots',
                                              'Camera/microphone recordings']},
 'date_detected': '2025-10-23',
 'date_resolved': '2026-01-05',
 'description': 'A critical security vulnerability (CVE-2026-0628) in Google '
                'Chrome’s integrated Gemini AI assistant was discovered by '
                'Palo Alto Networks’ Unit 42, allowing attackers to silently '
                'access cameras, microphones, local files, and execute '
                'phishing attacks all without user interaction beyond opening '
                'the AI panel. The flaw was responsibly disclosed to Google on '
                'October 23, 2025, and patched on January 5, 2026.',
 'impact': {'brand_reputation_impact': 'Risk of erosion due to privacy '
                                       'violations',
            'data_compromised': 'Local files, directories, screenshots, '
                                'camera/microphone recordings',
            'identity_theft_risk': 'High (if PII was accessed)',
            'operational_impact': 'Potential unauthorized surveillance and '
                                  'data exfiltration',
            'systems_affected': 'Google Chrome with Gemini AI assistant'},
 'investigation_status': 'Resolved',
 'lessons_learned': 'Risks posed by AI-integrated browsers with broad '
                    'permissions; need for stricter extension-AI panel '
                    'isolation.',
 'motivation': ['Corporate Espionage', 'Data Theft'],
 'post_incident_analysis': {'corrective_actions': 'Google patched the API '
                                                  'misconfiguration to prevent '
                                                  'privilege escalation',
                            'root_causes': 'Inconsistent permission handling '
                                           'between standard tabs and Gemini '
                                           'AI panel via declarativeNetRequest '
                                           'API'},
 'recommendations': ['Update Chrome to the latest patched version',
                     'Audit installed browser extensions for malicious '
                     'activity',
                     'Monitor AI panel permissions in enterprise environments'],
 'references': [{'source': 'Palo Alto Networks’ Unit 42'}],
 'response': {'containment_measures': 'Patch released by Google',
              'remediation_measures': 'Fixed declarativeNetRequest API '
                                      'handling in Gemini AI panel',
              'third_party_assistance': 'Palo Alto Networks’ Unit 42'},
 'title': 'High-Severity Chrome Gemini AI Flaw Exposed Users to Surveillance '
          'and Data Theft',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2026-0628 (declarativeNetRequest API '
                            'misconfiguration in Gemini AI panel)'}